diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /netwerk/test/unit/test_http3_dns_retry.js | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'netwerk/test/unit/test_http3_dns_retry.js')
-rw-r--r-- | netwerk/test/unit/test_http3_dns_retry.js | 357 |
1 files changed, 357 insertions, 0 deletions
diff --git a/netwerk/test/unit/test_http3_dns_retry.js b/netwerk/test/unit/test_http3_dns_retry.js new file mode 100644 index 0000000000..facbd4e90b --- /dev/null +++ b/netwerk/test/unit/test_http3_dns_retry.js @@ -0,0 +1,357 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +var { setTimeout } = ChromeUtils.importESModule( + "resource://gre/modules/Timer.sys.mjs" +); + +let h2Port; +let h3Port; +let trrServer; + +const certOverrideService = Cc[ + "@mozilla.org/security/certoverride;1" +].getService(Ci.nsICertOverrideService); + +add_setup(async function setup() { + h2Port = Services.env.get("MOZHTTP2_PORT"); + Assert.notEqual(h2Port, null); + Assert.notEqual(h2Port, ""); + + h3Port = Services.env.get("MOZHTTP3_PORT"); + Assert.notEqual(h3Port, null); + Assert.notEqual(h3Port, ""); + + trr_test_setup(); + + if (mozinfo.socketprocess_networking) { + Cc["@mozilla.org/network/protocol;1?name=http"].getService( + Ci.nsIHttpProtocolHandler + ); + Services.dns; // Needed to trigger socket process. + // eslint-disable-next-line mozilla/no-arbitrary-setTimeout + await new Promise(resolve => setTimeout(resolve, 1000)); + } + + Services.prefs.setIntPref("network.trr.mode", 2); // TRR first + Services.prefs.setBoolPref("network.http.http3.enable", true); + Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6); + Services.prefs.setBoolPref( + "network.http.http3.block_loopback_ipv6_addr", + true + ); + Services.prefs.setBoolPref( + "network.http.http3.retry_different_ip_family", + true + ); + Services.prefs.setBoolPref("network.dns.get-ttl", false); + + certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData( + true + ); + + registerCleanupFunction(async () => { + certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData( + false + ); + trr_clear_prefs(); + Services.prefs.clearUserPref( + "network.http.http3.retry_different_ip_family" + ); + Services.prefs.clearUserPref("network.http.speculative-parallel-limit"); + Services.prefs.clearUserPref("network.http.http3.block_loopback_ipv6_addr"); + Services.prefs.clearUserPref("network.dns.get-ttl"); + if (trrServer) { + await trrServer.stop(); + } + }); +}); + +function makeChan(url) { + let chan = NetUtil.newChannel({ + uri: url, + loadUsingSystemPrincipal: true, + contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT, + }).QueryInterface(Ci.nsIHttpChannel); + chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI; + return chan; +} + +function channelOpenPromise(chan, flags) { + // eslint-disable-next-line no-async-promise-executor + return new Promise(async resolve => { + function finish(req, buffer) { + resolve([req, buffer]); + } + let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal); + internal.setWaitForHTTPSSVCRecord(); + + chan.asyncOpen(new ChannelListener(finish, null, flags)); + }); +} + +async function registerDoHAnswers(host, ipv4Answers, ipv6Answers, httpsRecord) { + trrServer = new TRRServer(); + await trrServer.start(); + + Services.prefs.setIntPref("network.trr.mode", 3); + Services.prefs.setCharPref( + "network.trr.uri", + `https://foo.example.com:${trrServer.port()}/dns-query` + ); + + await trrServer.registerDoHAnswers(host, "HTTPS", { + answers: httpsRecord, + }); + + await trrServer.registerDoHAnswers(host, "AAAA", { + answers: ipv6Answers, + }); + + await trrServer.registerDoHAnswers(host, "A", { + answers: ipv4Answers, + }); + + Services.dns.clearCache(true); +} + +// Test if we retry IPv4 address for Http/3 properly. +add_task(async function test_retry_with_ipv4() { + let host = "test.http3_retry.com"; + let ipv4answers = [ + { + name: host, + ttl: 55, + type: "A", + flush: false, + data: "127.0.0.1", + }, + ]; + // The UDP socket will return connection refused error because we set + // "network.http.http3.block_loopback_ipv6_addr" to true. + let ipv6answers = [ + { + name: host, + ttl: 55, + type: "AAAA", + flush: false, + data: "::1", + }, + ]; + let httpsRecord = [ + { + name: host, + ttl: 55, + type: "HTTPS", + flush: false, + data: { + priority: 1, + name: host, + values: [ + { key: "alpn", value: "h3" }, + { key: "port", value: h3Port }, + ], + }, + }, + ]; + + await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord); + + let chan = makeChan(`https://${host}`); + let [req] = await channelOpenPromise(chan); + Assert.equal(req.protocolVersion, "h3"); + + await trrServer.stop(); +}); + +add_task(async function test_retry_with_ipv4_disabled() { + let host = "test.http3_retry_ipv4_blocked.com"; + let ipv4answers = [ + { + name: host, + ttl: 55, + type: "A", + flush: false, + data: "127.0.0.1", + }, + ]; + // The UDP socket will return connection refused error because we set + // "network.http.http3.block_loopback_ipv6_addr" to true. + let ipv6answers = [ + { + name: host, + ttl: 55, + type: "AAAA", + flush: false, + data: "::1", + }, + ]; + let httpsRecord = [ + { + name: host, + ttl: 55, + type: "HTTPS", + flush: false, + data: { + priority: 1, + name: host, + values: [ + { key: "alpn", value: "h3" }, + { key: "port", value: h3Port }, + ], + }, + }, + ]; + + await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord); + + let chan = makeChan(`https://${host}`); + chan.QueryInterface(Ci.nsIHttpChannelInternal); + chan.setIPv4Disabled(); + + await channelOpenPromise(chan, CL_EXPECT_FAILURE); + await trrServer.stop(); +}); + +// See bug 1837252. There is no way to observe the outcome of this test, because +// the crash in bug 1837252 is only triggered by speculative connection. +// The outcome of this test is no crash. +add_task(async function test_retry_with_ipv4_failed() { + let host = "test.http3_retry_failed.com"; + // Return a wrong answer intentionally. + let ipv4answers = [ + { + name: host, + ttl: 55, + type: "AAAA", + flush: false, + data: "127.0.0.1", + }, + ]; + // The UDP socket will return connection refused error because we set + // "network.http.http3.block_loopback_ipv6_addr" to true. + let ipv6answers = [ + { + name: host, + ttl: 55, + type: "AAAA", + flush: false, + data: "::1", + }, + ]; + let httpsRecord = [ + { + name: host, + ttl: 55, + type: "HTTPS", + flush: false, + data: { + priority: 1, + name: host, + values: [ + { key: "alpn", value: "h3" }, + { key: "port", value: h3Port }, + ], + }, + }, + ]; + + await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord); + + // This speculative connection is used to trigger the mechanism to retry + // Http/3 connection with a IPv4 address. + // We want to make the connection entry's IP preference known, + // so DnsAndConnectSocket::mRetryWithDifferentIPFamily will be set to true + // before the second speculative connection. + let uri = Services.io.newURI(`https://test.http3_retry_failed.com`); + Services.io.speculativeConnect( + uri, + Services.scriptSecurityManager.getSystemPrincipal(), + null, + false + ); + + // eslint-disable-next-line mozilla/no-arbitrary-setTimeout + await new Promise(resolve => setTimeout(resolve, 3000)); + + // When this speculative connection is created, the connection entry is + // already set to prefer IPv4. Since we provided an invalid A response, + // DnsAndConnectSocket::OnLookupComplete is called with an error. + // Since DnsAndConnectSocket::mRetryWithDifferentIPFamily is true, we do + // retry DNS lookup. During retry, we should not create UDP connection. + Services.io.speculativeConnect( + uri, + Services.scriptSecurityManager.getSystemPrincipal(), + null, + false + ); + + // eslint-disable-next-line mozilla/no-arbitrary-setTimeout + await new Promise(resolve => setTimeout(resolve, 3000)); + await trrServer.stop(); +}); + +add_task(async function test_retry_with_0rtt() { + let host = "test.http3_retry_0rtt.com"; + let ipv4answers = [ + { + name: host, + ttl: 55, + type: "A", + flush: false, + data: "127.0.0.1", + }, + ]; + // The UDP socket will return connection refused error because we set + // "network.http.http3.block_loopback_ipv6_addr" to true. + let ipv6answers = [ + { + name: host, + ttl: 55, + type: "AAAA", + flush: false, + data: "::1", + }, + ]; + let httpsRecord = [ + { + name: host, + ttl: 55, + type: "HTTPS", + flush: false, + data: { + priority: 1, + name: host, + values: [ + { key: "alpn", value: "h3" }, + { key: "port", value: h3Port }, + ], + }, + }, + ]; + + await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord); + + let chan = makeChan(`https://${host}`); + chan.QueryInterface(Ci.nsIHttpChannelInternal); + chan.setIPv6Disabled(); + + let [req] = await channelOpenPromise(chan); + Assert.equal(req.protocolVersion, "h3"); + + // Make sure the h3 connection created by the previous test is cleared. + Services.obs.notifyObservers(null, "net:cancel-all-connections"); + // eslint-disable-next-line mozilla/no-arbitrary-setTimeout + await new Promise(resolve => setTimeout(resolve, 1000)); + + chan = makeChan(`https://${host}`); + chan.QueryInterface(Ci.nsIHttpChannelInternal); + + [req] = await channelOpenPromise(chan); + Assert.equal(req.protocolVersion, "h3"); + + await trrServer.stop(); +}); |